WASHINGTON A global network that stole $45 million from two Middle Eastern banks showed how easily financial crimes can be committed and coordinated in cyberspace, and underlined the need for cyber security legislation, U.S. Homeland Security Secretary Janet Napolitano said on Tuesday.
"It demonstrates the kind and scope of financial crimes that are enabled in a network-connected world, particularly by those who have some skill although not necessarily the highest level of skill, quite frankly, but who can coordinate timing and the like," Napolitano told the Reuters Cybersecurity Summit in Washington.
In a crime that came to light last week, hackers infiltrated two bank card processing companies, headquartered in India and the United States respectively, to raise the balances and withdrawal limits on accounts, then withdrew the money from ATMs in 27 countries belonging to Oman's Bank Muscat and the National Bank of Ras Al Khaimah PSC of the United Arab Emirates.
Napolitano, who declined to discuss details of the investigation, said the growing number of cyber attacks on banks has led to a closer relationship between the government and financial institutions to tackle potential threats.
"There is urgency and this is a big problem and legislation certainly would assist us in our efforts," she said, referring to cyber security legislation that has been mired in a divided Congress.
INFORMATION SHARING, GLOBAL COOPERATION
Napolitano, responsible for keeping the United States safe from attacks ranging from cyber crime to what she termed "radicalized home grown plots" like last month's Boston Marathon bombings, said she was most concerned about the "known unknown".
"What I mean by that is particularly in the cyber world where we have imperfect information sharing, where we lack the kind of multi-lateral international reach one would desire, and where are at least known vulnerabilities," she said.
One way to help tackle the vulnerabilities would be legislation that lays out a process to ensure a flow of information in real time so companies will know about possible cyber threats, Napolitano said. In turn, the government can also benefit from information passed about specific types of attacks or intrusions seen by U.S. companies.
The Republican-controlled House of Representatives easily passed the Cyber Intelligence Sharing and Protection Act on April 18, with some support from Democrats. The bill calls for sharing of information but it was opposed by the White House which said it did not include enough privacy and civil liberties protections.
The Senate is working on a number of cyber-related bills. Napolitano said she hoped the Senate and the House could agree on legislation to improve cyber sharing that is supported by the White House. She said there was a lot of work being done behind the scenes on the proposed laws.
While cyber legislation failed to get through the Senate last year, Napolitano said lawmakers had made some progress since then.
"One of the things that happened last year was the education of many members about this field. They didn't know very much, to be truthful," she said.
More congressional hearings on the issue are likely this summer, Napolitano said, but timing for action on the legislation is uncertain. "It's Congress, and they have their own measure of time," she added.
Napolitano also said international cooperation needed to be improved to properly address cyber threats, which she said were growing in sophistication.
"I don't think yet we have the kind of international structure the world should have where cyber is concerned," she said. "That is yet to evolve and unfortunately may only evolve when there is a crisis of some sort."
Napolitano also said the government was studying ways to use its purchasing power to induce software makers to sell more secure products.
"What we are looking at is what kind of incentives could be used to attract companies to use best practices, including in the software arena, and whether there could be procurement preferences," she said.
Napolitano, a former Democratic governor of Arizona, has been mentioned as a possible Presidential contender for 2016 but would not be drawn on the topic. "I have more than enough on my plate to think about," she said.
(Additional reporting by Alina Selyukh, Tiffany Wu and Joseph Menn; Editing by Ros Krasny, Jackie Frank and Paul Simao)